Datasheet
8
Chapter 1
Designing and Planning Messaging Services
Exchange Server 2007 setup does the following tasks preparing your Active Directory
environment:
1.
Extend the schema if it was not done already.
2.
Configure global Exchange objects in the configuration partition. These include
Exchange Administrative Group (FYDIBOHF23SPDLT), Exchange Routing Group
(DWBGZMFD01QNBJR), and so on.
3.
Create an OU in the root domain called Microsoft Exchange Security Groups, which
includes the following universal security groups (USGs):
Exchange Organization Administrators
Exchange Recipient Administrators
Exchange View-Only Administrators
Exchange Servers
ExchangeLegacyInterop
4.
Prepares the root domain as mentioned in next section.
If your Active Directory site topology is complex, you have to check before you
continue to make sure that replication to all domain controllers in your forest
took place. Tools like the Active Directory Replication Monitor (
replmon.exe
)
that is part of the Windows 2003 Resource Kit Tools can assist you with moni-
toring the progress.
Preparing Domains
If you are in larger environment where your Active Directory consists of multiple domains,
you also need to prepare every domain for Exchange Server 2007. Your domain preparation
will do the following things to the domain:
Set permissions on the Domain container for the Exchange Servers, Exchange Organization
Administrators, Authenticated Users, and Exchange Mailbox Administrators.
Create an OU called Microsoft Exchange System Objects and set permissions on this
container for the Exchange Servers, Exchange Organization Administrators, and
Authenticated Users.
Create a global group called Exchange Install Domain Servers and add it to the Exchange
Servers USG in the root domain.
There are two possible ways to prepare domains: you can prepare them all together or you
can run the command domain by domain. Preparing all domains together might seem like the
easiest way to prepare all domains, but sometimes you might not be able to do this. Consider
the following situations:
You have a regional Active Directory domain design; no central administration is available.
Permissions for the Enterprise Admin group were removed from some domains.
81461.book Page 8 Wednesday, December 12, 2007 4:49 PM